Slides from the article presentation at the 15th International Conference of Information Security and Cryptology -- ICISC2012 held on November 28 - November 30, 2012 in Seoul, South Korea
Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
1. Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
Nicolae Paladi¹*, Christian Gehrmann¹, Mudassar Aslam¹, Fredric Morenius²
¹ Swedish Institute of Computer Science
² Ericsson Research
2. Contents
1. Infrastructure-as-a-Service
2. Problem Setting
3. Attacker Model
4. Related Work
5. Protocol Description
6. Protocol Implementation
7. Conclusion
3. Infrastructure-as-a-Service
• A 'cloud computing' service model (NIST:2011):
Provision processing, storage, networks.
Deploy and run arbitrary software
No control over underlying cloud infrastructure
Control over OS, storage, deployed applications.
Limited control of select networking components.
4. Scenario and Definitions
[Figure labels: Client (C), Scheduler (S), Compute Host (CH) ×3, Hardware ×3]
5. A Brief Note on TPM
• Trusted Platform Module v1.2 as specified by TCG
• v2.0 is currently under review
• Tamper-evident
• 16+ PCRs as volatile or non-volatile storage
• Four operations: Signing / Binding / Sealing / Sealed-sign
6. Problem Setting
• “Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.”
• Client can launch VMs for sensitive computations.
• Trusted VM launch – the correct VM is launched in an IaaS platform on a host with a known software stack verified to not have been modified by malicious actors.
• How do we ensure a trusted VM launch in an untrusted IaaS environment?
7. Attacker Model
• (Ar) has root access to IaaS hosts.
• (Ar) has no physical access.
• (Ar) has no access to CH's memory.
• (Ar) can act maliciously or in good faith.
• (Ar) can be a person/malicious software/code bug.
8. Attack scenario 1
[Figure labels: Remote Attacker (Ar), Scheduler (S), Trusted, Compute Host (CH) ×2, Hardware ×3, Client (C)]
9. Attack scenario 2
[Figure labels: Remote Attacker (Ar), Compute Host (CH) ×2, Hardware ×3, Client (C)]
11. Trusted VM Launch Protocol: Trusted Third Party
• Trusted Third Party (TTP) – trusted by C and IaaS, able to assess the SP of CH according to predefined guidelines.
• Security profile (SP) – verified setup of a VM, trusted by the Participants.
• Currently no fine-grained scale of SP available.
• Limited to only matching the measurements with reference values.
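An added example, not taken from the slides or from the authors' implementation: the reference-value matching that the TTP is limited to, sketched in Python using the TPM v1.2 extend rule. It assumes the quote signature has already been verified and that the host supplies an ordered measurement log for a single PCR; the log format, component names and the `assess` function are hypothetical, and all sample values are constructed.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM v1.2 extend operation: PCR_new = SHA1(PCR_old || measurement)."""
    return sha1(pcr + measurement)

def replay(log) -> bytes:
    """Recompute the PCR value implied by an ordered measurement log."""
    pcr = bytes(20)  # a static PCR is all zeroes after platform reset
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def assess(log, quoted_pcr: bytes, reference: dict):
    """Hypothetical TTP check. The host passes only if the log reproduces
    the quoted PCR and every entry equals its reference value."""
    reasons = []
    if replay(log) != quoted_pcr:
        reasons.append("log does not reproduce quoted PCR")
    for name, digest in log:
        if name not in reference:
            reasons.append(f"unknown component: {name}")
        elif reference[name] != digest:
            reasons.append(f"measurement mismatch: {name}")
    for name in sorted(set(reference) - {n for n, _ in log}):
        reasons.append(f"missing component: {name}")
    return (not reasons, reasons)

# Constructed sample data: component names and contents are illustrative.
REFERENCE = {n: sha1(f"{n}-v1".encode())
             for n in ("bootloader", "kernel", "hypervisor")}
GOOD_LOG = [(n, REFERENCE[n]) for n in ("bootloader", "kernel", "hypervisor")]
# Host with a modified kernel that reports its measurements honestly.
MODIFIED_LOG = [GOOD_LOG[0], ("kernel", sha1(b"kernel-patched")), GOOD_LOG[2]]

if __name__ == "__main__":
    print(assess(GOOD_LOG, replay(GOOD_LOG), REFERENCE))
    print(assess(MODIFIED_LOG, replay(MODIFIED_LOG), REFERENCE))
    # Modified host that submits the clean log alongside its real quote.
    print(assess(GOOD_LOG, replay(MODIFIED_LOG), REFERENCE))
```

The check is all-or-nothing: any unknown, missing or mismatching measurement fails the host, which is why a finer-grained SP scale cannot be derived from it.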
12. The big picture
[Figure labels: protocol steps 1 to 6, Client (C), Scheduler (S), CH ×3, HW ×2, HW + TPM]
13. Trusted VM Launch Protocol: Protocol Details (1)
14. Trusted VM Launch Protocol: Protocol Details (2)
15. Trusted VM Launch Protocol: Protocol Details (3)
17. Trusted VM Launch Protocol: OpenStack
• Protocol was implemented in OpenStack
• Open Source IaaS deployment and management platform.
• Large user base and multiple industry contributors
• “Essex” release as baseline.
• Aimed to have a minimal footprint in terms of code modifications.
• Implementation changed 4 components involved in the launch process (presented next).
18. Trusted VM Launch Protocol: Protocol Implementation (1)
Affected components:
• Nova SQL db – global security profile per compute host.
• Dashboard – request compute host attestation, minimum SP, TTP’s URL and Token upload.
• Scheduler – SimpleScheduler to schedule VM launches on trusted CH with the requested (or stricter) SP.
• Nova compute – support communication with TPM through TSS, encryption/decryption and VM image integrity assessment.
19. Trusted VM Launch Protocol: Protocol Implementation (2)
• TrustedComputingPools (currently in blueprints) will introduce TPM support in OpenStack
• Trusted IaaS provider with untrusted nodes.
• Node attestation offered as “premium service”.
• Node attestation performed by IaaS provider itself.
20. Conclusion
• A trusted VM launch protocol available assuming an untrusted IaaS platform + TPM + physical security of the hosts.
• Fairly close to ongoing industrial implementation but offers stricter security guarantees.
• Fine-grained attestation process on the TTP side still a research challenge.